Integrating Gryphon WifiAP with Pfsense
-
Installing pfsense docker in UNRAID.
I have a Gryphon tower AP that cannot be put in bridge mode. My goal is to have pfsense managing the wired clients, and monitoring the Gryphon wireless clients. But the Gryphon will assign DHCP to all wireless clients.
Can someone please suggest how to configure pfsense for the above objective?
Maybe like this?- Configure gryphon DHCP IP range from subnet.100 to subnet.200 for wireless/guest clients
- pfsense VLAN 1 port connected to Gryphon WAN port with fixed IP in VLAN 1.
- pfsense VLAN 2 port with DHCP pool subnet.10 to subnet.99 for wired clients
- pfsense firewall rules keeps VLAN1 and VLAN2 traffic separate and connected to internet.
Thanks for your time and help!
-
@pfnuevo said in Integrating Gryphon WifiAP with Pfsense:
Gryphon tower AP that cannot be put in bridge mode
Just so you know you can put ANY wifi router in just AP mode by just connecting it to your network via one of its lan ports vs its wan.. Turning off its dhcp server.. There you go instant AP..
-
The Gryphon cannot disable DHCP since it's one of their parental control features. I can set the DHCP range, or type fixed IPs. I'm trying to work around that limitation.
-
@pfnuevo said in Integrating Gryphon WifiAP with Pfsense:
My goal is to have pfsense managing the wired clients, and monitoring the Gryphon wireless clients
Define monitoring there?
Can you disable NAT on the Gryphon router?
If so you can just add it as a downstream gateway with a static route in pfSense and it will see the real wifi client IPs.Steve
-
Monitoring means pfSense doing what it does best protecting my network: SPI, anti-spoofing, etc. But I am not sure if pfSense can do that for downstream router doing DHCP for wireless clients. Cannot disable NAT on Gryphon.
What about this idea from firewalla? Set Gryphon DHCP range to 1 and assign it to pfsense upstream?
https://help.firewalla.com/hc/en-us/articles/360009259414-Setup-Guide-Routers-that-are-not-able-to-turn-off-DHCP-Service
-
If you can't disable NAT, or just connect to the LAN side, then you would need to be running DHCP or wireless clients won't get an IP.
The Gryphon would likely need to be routing to use any of it's filtering services.Steve
-
@pfnuevo said in Integrating Gryphon WifiAP with Pfsense:
disable DHCP since it's one of their parental control features
How and the hell is that a parental control feature? Then set the pool to 1 or as small as you can and assign a reservation to some mac(s) that doesn't exist ;) etc..
-
Mmm, I imagine it needs to run as a router to use most/all of the parental controls and filtering if you want that. And probably the wifi mesh stuff also.
-
I got it to work like this. Please advice on security/misconfiguration concerns.
modem - pfsense - switch - Gryphon AP (WAN port only)
-
Gryphon AP conf:
**WAN port ethernet to switch.
**Cannot put in bridge or disable NAT.
**WAN: DHCP lease from pfsense, 192.168.9.X
**LAN DHCP range 100 to 249 assigned to wireless clients.
**Manual DNS: YES, 192.168.1.Y adguard (running on server)
***Gryphon filters first before manual DNS. Filtering working -
pfSense conf:
**DHCP leases for wired clients in rage 10 to 99
Maybe this is double NAT with wireless LAN and pfsense? But pfsense doesn't have leases for wireless clients, it is routing the wireless clients, 192.168.9.X traffic, out to WAN. Thanks for your comments.
-
-
stephenw10 Netgate Administratorlast edited by stephenw10 Mar 13, 2022, 8:48 PM Mar 13, 2022, 8:48 PM
You set the Gryphon LAN interface to be the same subnet that pfSense is handing it as WAN? 192.168.9.0/24?
I would expect that to fail. It cannot route between those. But I guess you have tested it and it works? -
Thanks stephenw10 for pointing out typo on subnets. Subnet .1 on pfsense & AP WAN side.
Subnet .9 on AP LAN side. I cannot edit the previous post to correct.